Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.

As you may have noticed at the end of Part 3, I revealed that this will be the conclusion of my discussion on Targeted Threat Protection. And, as a thank you for sticking with me, I saved a bonus 11th optimization tip just for you!

One of the most important aspects of Mimecast, and really any product you use, is understanding its customizability. How can it be tailored for your organization? What are your options? In writing the Top 10 Ways to Optimize TTP Guide, my goal was to familiarize you with the ins and outs of some of the more intricate settings of TTP. As part of that understanding, I want to conclude by elaborating on some customizations of the service.

In Step 8, I highlighted that, with Impersonation Protect, you can do more than use a generic ‘External’ tag in all inbound emails. Administrators can choose to tag the Subject Line and Message Body with customized plain text.

Additionally, the Header of emails can be tagged, which allows users and/or administrators to create rules to take an automated action on the emails. But don’t stop there. Mimecast allows you to use HTML in the Message Body tag to grab your users’ attention. Use bold, italics, colored font, or even images on specific messages that are suspicious. You can even create different alerts for different users or groups of users. For example, you can configure the Message Body tag for emails addressed to anyone in Finance to:

These are just some examples of the many ways in which you can customize Impersonation Protect and get more power out of the settings available. This is important because it allows you to do more than a blanket [EXTERNAL] tag on every inbound email, which users tend to stop noticing after a few days. These specific tags are added when your Impersonation Protect policy is triggered, which means only certain potentially suspicious emails (not all) are tagged, raising your users’ attention immediately.

As many customers of Mimecast’s URL Protect know, the User Awareness page is an important teachable moment that can give users an extra chance to make the right decision, as well as allow administrators to track user behavior. However, did you know that you can customize the User Awareness Page in multiple different ways?

By default, the User Awareness Page appears as follows:

You can customize the banner (color and logo) to represent your organization. Furthermore, instead of the default title “Do you think this link is safe?” and the Body Text beneath it, you can customize the text. In the example below, I’ve changed the text to deliver a slightly different message:

Additionally, you can choose what the various follow up pages detail as well. For example, if a user selects “It’s Safe” and the site is actually malicious, by default, users see:

As with the initial “Do you think this link is safe?” User Awareness page, the title and body text here can be customized. However, you can also edit the Safety Tips section. By default, Mimecast provides nearly two dozen tips, but you can add your own. Not only that, you can choose to display only Mimecast tips, custom tips, or both Mimecast and your custom tips, thereby giving users a broader set of informational guides to be more cautious and aware when clicking links.

Overall, Mimecast Targeted Threat Protection is more than just a set of check boxes to protect your organization. It’s a versatile solution that we’ve designed to allow administrators custom control across their environment and customizability in the complicated world of cybersecurity. I hope you have enjoyed learning about how you can optimize TTP, and that you’ve been able to implement some of this advice into your organization!

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.

In Part 3, I will cover the various ways in which Mimecast Attachment Protect analyzes attachments and the different ways it can be configured to best protect your organization without compromising your security.

Before we discuss the different settings available to you and how Mimecast inspects files, it’s important to understand the evolution of malware attacks. Files don’t necessarily need to contain a virus or malware anymore, but simply the code to retrieve one. For example, in Mimecast’s Attachment Protect logs, you may see lines such as:

Deleting volume shadow copies

Disabling Windows Updates

Disabling installed firewalls

Disabling known security suites (AntiVirus, FireWall)

Stopping the Windows Security Center service

Attempting to download remote executable content

Connecting to server using hard-coded IP address

None of these are things a file should do to your users’ machines, but take a look at the level of depth these attacks go into. They delete your Windows backups (volume shadow copies), disable your security measures, connect to a hard-coded IP and try to download a remote executable file. Traditional anti-virus inspections, no matter how many signatures you’re checking against, are unable to detect this level of attack. To combat the evolution of attachment-based attacks, Attachment Protect has continuously evolved since it was released over three years ago.

Safe File is versatile as it can be configured to convert a file into another format (e.g. a Word document to PDF). However, also note that it can convert a file into a safe copy of itself (e.g. Word to Word) thereby removing any macros, malicious code and any potential delivery delay.

Do your receptionists ever need to work with macro-enabled files, or receive external attachments that are editable? Perhaps not, so configure a Safe File Definition against their AD Group. Maybe some users will need an editable file, so convert files for those users to their original file format, and have another definition for others to simply convert to PDF only.

Meanwhile, your legal and finance teams may heavily use macro-enabled files. Depending on their needs, you can leverage a Dynamic Configuration or simply a Pre-Emptive Sandboxing approach to ensure they receive their files safely without needing to perform On-Demand Sandboxing each time.

Overall, Attachment Protect contains very powerful and flexible capabilities that allow you to both layer your security (through Mimecast’s multiple AV engines, Static File Analysis, Safe File Conversion and Behavioral Sandboxing) as well as customize the experience for different users across your organization.

Lastly, if you’re still reading this, then you’re one of the first people to find out that Part 4, the final blog in this series, will cover a bonus 11th Tip to optimize your TTP. It’s an important setting that I want more Mimecast customers to be aware of, so stay tuned. As always, please feel free to share with others and/or comment below!

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.

Continuing the discussion, I wanted to delve into how Mimecast handles domains. In Part 2, we will cover the first set of tips in more detail, give some more background on the settings and offer additional tips.

I first covered how to display the destination domain of a Mimecast rewritten URL. Enabling this feature helps users specifically take notice of the website’s domain only instead of an entire URL. For example, what would a user think of the following?

They would likely only see facebook.com. This attack is specifically designed for users on mobile devices: They click a link, and instead of opening the Facebook application (remember that it is not actually Facebook), they'll only see what the attacker wants them to see in their browser. In this example, they completely miss that the URL is an unsafe site:

Did you also know that, as a Mimecast Administrator, you can decode URLs rewritten by Mimecast? Understanding how Mimecast rewrites URLs is important, which highlights one of the most important areas of focus for email security: domain identification. Within an inbound email or URL, you can detect and display the destination domain. However, it’s not just about identifying a domain, but also analyzing it for impersonation.

Mimecast recently added Advanced Similarity Checks which go beyond Anti-Spoofing and DNS Authentication (SPF, DKIM, and DMARC). With these checks, organizations can identify attackers attempting to use domains intended to appear like their own, as well as organizations they work with such as suppliers and customers. This functionality applies to both Mimecast URL Protect and Mimecast Impersonation Protect.

Attackers also attempt to use various character manipulation tactics to trick your users. As outlined in the Top 10 guide, these enhancements are explained in great detail in a recent Service Update.

Remember, Mimecast’s Targeted Threat Protection (TTP) is only going to protect your organization if it’s configured. A crucial part of domain detection will be to populate your Custom Monitored Domain list to ensure Mimecast is protecting your organization from both the Mimecast Managed Domains list as well as the domains you specify for your organization.
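A simplified sketch of the two checks discussed above: showing the real destination domain of a URL, and comparing it against a monitored domain list for lookalikes. This is an added example, not Mimecast's code or algorithm; the monitored list, the small confusable table, the two-label domain heuristic and the verdict names are all assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed stand-in for a Custom Monitored Domain list (your own domain
# plus a supplier); reserved example names, not real customer data.
MONITORED = ("example.com", "supplier.example")

# Deliberately small confusable table (digits and a few Cyrillic letters).
# Assumption: production checks rely on far larger tables.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0456": "i",
})
MULTI_CHAR = (("rn", "m"), ("vv", "w"))


def decoded_host(url):
    """Host part of a URL, with punycode (xn--) labels decoded to Unicode."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: keep the host as received
    return host


def registrable(host):
    # Assumption: the registrable domain is the last two labels. Real code
    # needs the Public Suffix List to handle suffixes such as co.uk.
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Fold visually confusable characters so lookalikes compare equal."""
    d = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)
    for seq, repl in MULTI_CHAR:
        d = d.replace(seq, repl)
    return d


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain, monitored=MONITORED, max_distance=1):
    """Return (verdict, matched monitored domain or None)."""
    domain = domain.lower()
    if domain in monitored:
        return ("exact", domain)
    skel = skeleton(domain)
    for m in monitored:
        if skel == skeleton(m):
            return ("lookalike-substitution", m)
    for m in monitored:
        if osa_distance(skel, skeleton(m)) <= max_distance:
            return ("lookalike-typo", m)
    return ("unrelated", None)


def check_url(url, monitored=MONITORED):
    """Report where a URL really leads and whether it imitates a monitored domain."""
    host = decoded_host(url)
    dest = registrable(host)
    verdict, match = classify(dest, monitored)
    if verdict == "unrelated":
        # A trusted name placed in the subdomain is what a user reads first.
        for m in monitored:
            if host.startswith(m + ".") or "." + m + "." in host:
                verdict, match = "brand-in-subdomain", m
                break
    return {"destination": dest, "verdict": verdict, "match": match}


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://example.com.login-portal.test/session",
              "https://examp1e.com/invoice",
              "https://exmaple.com/reset"):
        print(u, "->", check_url(u))
```

The substitution check catches swapped characters that look alike, while the edit-distance check catches typo-style domains that differ by a single insertion, deletion, substitution or adjacent swap.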

I hope you’re becoming more comfortable with your environment’s email security and have learned some of the new ways we're enhancing our products. Stay tuned for Part 3, where we’ll cover how to understand the various Mimecast Attachment Protect options, and how TTP features can be versatile by applying different settings across your environment.

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.

Combating the rapidly evolving threat landscape is a constant struggle, with email remaining the number one attack vector and threats becoming more stealthy, sophisticated and evasive to detection. The Mimecast for IBM QRadar app offers organizations better detection and alerting before, during and after an attack.

Integrating Mimecast data into the QRadar system through the Mimecast data logging API allows email security data to correlate against other data sources, and be included in behavioral anomaly detection, helping to identify indicators of advanced threats that would otherwise go unnoticed.

Joint Mimecast and IBM customers can better predict and prioritize what vulnerabilities to remediate through improved visibility of attacks with highly focused alerts. The impact of an attack can be minimized through faster response times made possible by using one single system for threat intelligence and response.

Bob Adams is a Cyber Security Strategist at Mimecast. Originally joining Mimecast nearly four years ago as a Sales Engineer, Bob was recruited to Product Management after developing various unique ways of investigating cyber attacks and highlighting Mimecast's services. Bob now continues to use his time to help educate companies on protecting themselves against advanced cyber threats.

My goal is to help Mimecast admins evaluate their current security settings and get the most out of their Mimecast services. It’s important to remember that Targeted Threat Protection and its product updates are not enabled by default, as there are numerous settings that will vary from organization to organization.

Whether you still need to configure your TTP settings, want to review and update them, or are interested in learning more about the various features, this guide is for you.

When reading it, first review the Before You Start section to ensure your organization is at a proper baseline before making any changes. TTP is an evolving suite of services, and this guide is designed to help you perform a review of your current environment, and learn about best practices and recent product enhancements.

Throughout this series, each blog will introduce several tips and highlight different options for best customizing Targeted Threat Protection for your environment. For example, did you know that Mimecast can prevent attackers from impersonating external organizations you work with?

Additionally, since Mimecast is built to have its services work together, I will also shed some light on how certain settings interact with other aspects of Mimecast’s services. For example, we recently launched Mimecast Web Security. If you use Mimecast as your Secure Email Gateway with Targeted Threat Protection, and use Mimecast Web Security, you’ll find that some features from URL and Attachment Protect are available to help protect your Web Security as well.

I’ll explain all of this in more detail when I cover those features and settings in the coming blogs – stay tuned and get involved! I hope this will be an engaging series, and am looking forward to your feedback. Please feel free to comment on the optimization guide, this post, or on the coming blogs.

My part in the launch program this week was centered in London, from where I am currently writing this. Built up in and around IPExpo Europe, in addition to supporting the event itself, we hosted both a customer and a partner meeting where we explained and discussed this new service. Suffice it to say the interest was high, and the understanding of what we have done and why we have done it was also quite high.

In short, combining email and web security into a single integrated cloud service, which seems obvious given the high proportion of cyber attacks that occur via email, web, or a combination of the two, is resonating. And given that you, our administrative customers, don't have a shortage of things to do, we think the fact that it is easy to deploy, configure, and manage will be a key success factor for the service.

Interested in learning more? For starters, you can check out the documentation, the write-up and datasheet on Mimecast.com, the Service Update, my introductory blog, and even request a 30-day free trial, which is open to all current Mimecast customers. We would also love to hear your questions, comments, and concerns as you have them.

The following blog is by J. Peter Bruzzese, a Microsoft MVP (Exchange/Office 365), technical author, journalist, and speaker for Microsoft and others. For nearly a decade, he wrote the Enterprise Windows column for InfoWorld. J. Peter is the co-founder of both ClipTraining and Conversational Geek. He’s a strategic technical consultant for Mimecast. You can find him on Twitter at: @JPBruzzese.

A major outage in the US takes down a key Microsoft datacenter and a host of cloud services in the process. What to do when the “cloud” goes down?

Every vendor offering a cloud-based solution pours ungodly amounts of money into redundancy to ensure a single failure or even multiple failures go unnoticed by customers connected to their services. For months, it appears as if nothing can go wrong. And then…it does.

This week, Microsoft experienced Azure and Office 365 outages due to severe weather (lightning) taking out cooling systems in data centers located in San Antonio, Texas. This forced servers and services to shut down. The outage was focused on the South-Central U.S., but it affected customers around the globe. More specifically, the outage affected Exchange, SharePoint, Teams and a variety of other solutions with Azure AD being a problem for identity management, as well (which connects back to Office 365).

After most services were restored, customers were receiving error messages for Outlook and Skype saying they were being throttled due to a change to Azure AD for Office 365 authentication.

Without belaboring the situation, the real question is: “What did we learn from this outage?”

Cloud “haters” will tell you to avoid the cloud. That’s ridiculous at this stage of the game. When an airline has an incident do we stay out of the air? No, we learn from the failure. When it comes to cloud-based solutions, it’s important to understand that there is no perfect world where services never go down. Azure and Office 365 have gone down and will continue to go down. Microsoft will learn and improve, and we appreciate their efforts. But what does it mean when you have to cope with reality when an outage hits?

You may have a recovery plan for your on-prem environment – what happens when you experience a cloud outage? Do you have a plan to recover?

J. Peter continues his IT Admin's Guide to O365 Continuity, and recovery strategies for Mimecast customers, over at the Mimecast blog.

Wade Suster (an active community Legend!) hails from South Africa as both a customer and channel partner, and has spent the past 13 years in IT. Wade's career began in retail, where he built computers to customer specifications, then shifted to security. His work in the security industry includes helpdesk support for antivirus software, and a focus on IPS systems, packet shapers and now, perimeter security. His relatively late start to security proves that it's never too late to start again!

Could you describe your role and how Mimecast helps you with your daily work?

I am a Security Engineer. The company I work for is focused purely on security -- because of this, I am involved with multiple products, but mainly focus on Mimecast.

I look after multiple customers' (17+) Mimecast environments, and assist where needed. I also do Mimecast pre- and post-sales, implementations, and assist with POCs. The best part about this is interacting with existing and potential new customers. With every new customer challenge, I learn something new and my knowledge of the Mimecast product increases.

With Mimecast blocking many known and unknown threats, phishing attempts and bad URLs, this makes my customers feel safe, and in return, makes my life a lot easier!

Which security issues was your company most looking to solve when it decided upon Mimecast?

My current company was already an existing Mimecast user before I started here, but from interacting with my customers before they were using Mimecast, their main requirements were Archiving, Continuity and Targeted Threat Protection (TTP). Before they used Mimecast, most of the customers had issues where malware and zero-day threats were still getting through.

Another reason for moving to Mimecast was that some of the customers were using multiple products for spam, malware and archiving.

Best piece of advice/helpful pointers for one of your peers just starting off?

There is an answer to everything. If you have an issue with something, talk to Mimecast or log a call. The Mimecast staff are super friendly and helpful. Mimecast even offers free training, so take advantage of that!

Also have a look at the Mimecaster Central community. If you are stuck with an issue, ask for help, as there will always be someone there to assist. Have a look at previous discussions, as you can learn a lot here.

Most helpful feature of Mimecast services?

I have two, the first one being Data Leak Prevention. This is so customizable that you can create rules for just about anything.

The second one would have to be the use of Mailbox Continuity in Mimecast Mobile. It’s nice to be able to receive and send emails, and even search the archive from my mobile device -- if there is an issue connecting to Exchange, I can just use the Mimecast apps. I use Mimecast Mobile just about every day.

What keeps you busy off the clock?

I am super competitive, so anything that involves winning something. I love playing Pool (Billiards), Squash, and a bit of gaming when I can.

The following blog is authored by Matthew Gardiner. Matthew is Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.

Just like there is no one way to catch a thief, there is no one way to catch malware. There are just so many ways to build, compile, pack, and otherwise obfuscate files to get past specific detection techniques. This is why the Mimecast email security service uses many analytic techniques, including multiple AV engines, file type blocks, static file analysis, and behavioral sandboxing, as well as multiple threat intelligence sources, to separate good files from malicious ones. And of course, users need their emails and good files without delay! You can read all about how we do this in our cloud security service in this technical paper.

In addition, there are multiple delivery vehicles for malware, which is why many security systems, whether they operate on email, the web, the network, in a cloud service, or on the endpoint, need sophisticated malware detection capabilities to be effective.

This brings me to our recently announced acquisition of the anti-malware specialist Solebit. If you are an existing customer of Mimecast and use Targeted Threat Protect (TTP) – Attachment Protect, you are benefiting from Solebit’s technology today! Approximately six months ago, we added Solebit’s static file analysis malware detection software to our email security inspection funnel in our global datacenters, and, as expected, saw a marked increase in performance and detection efficacy, with average processing times in TTP Attachment Protect dropping from 44 to 23 seconds. A “two-for” benefit. Rarely do security performance and efficacy improve together, as they are typically in conflict with each other. But this is not true with Solebit.

Mimecast plans to further utilize this technology to differentiate in other product areas. Solebit helps differentiate Mimecast today via its efficacy (stops more advanced threats) and speed of detection (much faster than traditional methods – like sandboxing). Owning the company allows Mimecast to further innovate in the security detection area. We believe this technology is critical to helping our customers become more cyber resilient.

With one transaction, we get access to dozens of security experts and open up a new development office in the security engineering hot spot of Herzliya, Israel.

On the technology side, the purchase of Solebit provides Mimecast with even more malware detection capabilities as we enter into security spaces beyond Secure Email Gateways (notably, our recent public disclosure of our early adopter program and entry into the web security cloud services market). Given that both email and the web - often working together - are used to deliver and operate malware, such as ransomware and trojans, owning and continuing to develop key anti-malware technology will be key to the continued success of the Mimecast offerings, both current and future.

So now you know. With the acquisition of Solebit, Mimecast takes another major step toward delivering on our vision of providing a “super category” of cyber resilience solutions from a global, cloud-based service.

Matthew Gardiner is a Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.

Given that you are spending some time in this Mimecast community and are reading this blog, there is an excellent chance that you are securing your email with the Mimecast family of security services. Thanks for that! Of potentially high interest to you is our upcoming entry into the web security market.

I want to bring to your attention our recent public step to extend our cloud-based security service into the domain of web security. While email is generally considered to be the dominant entry point for security threats, the web certainly isn't far behind and is often a key tool for attackers. And even in email-initiated attacks, particularly when malware is involved, attackers generally pivot to using the web to execute their attacks.

We think it makes a lot of sense to bring those two worlds together - email and web security - into a single service that provides an integrated, yet multi-vector defense. That is why later this year we plan to release a new cloud-based web security service - Mimecast Web Security - that provides web filtering and acceptable use controls at the DNS resolver layer of the web. A key goal of the service is to give you a security service that is easy to deploy and manage, while providing strong security bang-for-the-buck.

I tell you this now because we have just moved into our public phase of early-adopter testing. This is open to any existing customer of Mimecast. If you have interest in taking part in this testing period, which is estimated to remain open until September 1st, I encourage you to indicate your interest by filling out the form on this page.

Also, we have recently pushed live a beta testing subspace here. Check it out for some more details on the service and the program.

If you have any questions, feel free to ask them below in the comments.

Matthew Gardiner is a Director of Product Marketing at Mimecast, currently focused on email security, phishing, malware, and cloud security.

Have you noticed that we at Mimecast are increasingly talking about the need for resilience for your email? In fact, not too long ago, we added a significant amount of new content on Mimecast.com under the heading Cyber Resilience for Email. Have you wondered why we are doing that?

This brings me to the analogy of the iPhone. The iPhone fundamentally changed the nature of what mobile phones, computers, and cameras are -- from distinct products to integrated services provided on a single platform.

We see the same phenomenon changing email as it migrates from on-premises to the cloud. Email-supporting services such as security, archiving, backup, recovery, and business continuity, which in the on-premise email world had been delivered by separate products and deployment practices, are able to be more efficiently provided by an integrated cloud service, more like an iPhone.

Before making the transition to Cyber Resilience for Email, Mimecast previously talked about providing security, continuity, and archiving services for email. While certainly true, this description lacked the vision of combining all of those individual capabilities, and more, into an integrated service.

Given that IT organizations ultimately need to provide IT services in general, and email services in particular, that are resilient, after much thought, we landed on the word “resilience” to best describe what we provide for organizations’ email. We Make Email Safer for Business through our Cyber Resilience for Email solution. Making what we provide clearer to the world is largely “why” we came out with the Cyber Resilience for Email solution naming.

When used together, these services help organizations protect their email before, during, and after an attack, technical failure, or careless user or administrator action. With thousands of organizations and millions of users depending on it currently, it isn’t new for them, but it is part of a key general trend that Mimecast is leading that is sweeping through the IT marketplace.

I would be very interested to hear what Cyber Resilience for Email means to you and your organization!

The following blog is by Peter Bauer, the CEO and co-founder of Mimecast, which he launched in 2003 along with co-founder and CTO Neil Murray.

I am excited to announce that last week, Mimecast acquired Ataata. Together we can dramatically improve employee cyber security awareness training globally. Ask any security professional today and they will respond that their traditional end user security awareness training is extremely difficult to get traction with internally. Creating the right security culture is hard and programs that are considered boring don’t make that any easier.

Ataata has a unique approach to getting employees engaged, fundamentally changing corporate culture, and ultimately, changing human behavior. This is critical as human error is involved in almost all breaches, making organizations without the right training much more vulnerable. Our Mimecast + Ataata video training content will help everybody understand how important human behavior is when it comes to protecting their business and how to make better decisions.

With training done right, employees can be security teams' greatest allies. According to research Mimecast conducted with Vanson Bourne, 90% of organizations have seen phishing attacks increase over the last year, but only 11% say they continuously train employees on how to spot cyberattacks. This is a major problem in the industry, which is why we are thrilled that together, Mimecast and Ataata will help organizations close this gap.

Ataata is fun. It’s a compelling content platform focused on addressing the human firewall in a unique way.

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.

As socially engineered impersonation attacks via email continue to grow, we are delighted to announce an alliance partnership with DMARC Analyzer to help customers better protect against these attacks.

Many of you are already using our Targeted Threat Protection – Impersonation Protect solution. This analyzes and combines multiple indicators of compromise to stop attacks targeting your employees, including those using lookalike domains, display name spoofing and reply-to-mismatch deception techniques.

DMARC Analyzer extends this protection with 360-degree email channel visibility, reporting and validation. The simple-to-setup-and-use cloud solution provides insight into unauthorized use of an organization’s own domains, which left unmonitored, can lead to impersonation attacks on customers, suppliers, other external parties and employees, too. DMARC Analyzer helps organizations move to a Domain-based Message Authentication, Reporting and Conformance (DMARC) reject policy faster and with more confidence.

Layering these complementary solutions delivers joint customers a better level of defense against all types of email fraud.

Dan Sloshberg is the Product Marketing Director at Mimecast, taking the lead on the Mimecast API, GDPR and market intelligence. A Mimecaster since 2013 and over 20 years in tech, he is a frequent speaker on all things cloud, security, cyber resilience and GDPR.

This highly requested integration offers joint customers the ability to benefit from LogRhythm’s advanced correlation and pattern recognition by automatically consuming email security data directly from the Mimecast cloud service. By combining this data with security data from other sources within your infrastructure, you can improve overall threat visibility, detection and alerting.

Automated or manual action can then be taken to improve your security posture – directly from the LogRhythm console. These actions can include disabling accounts and updating security policies such as blocked senders and blacklisting or whitelisting of URLs.

Combined with Mimecast’s advanced email security capabilities, including Targeted Threat Protection, you'll all benefit from tools designed to deliver the most effective cyber security and resilience.

Find out more about the LogRhythm integration with Mimecast, download the data collector tool and access documentation on the API Developer Portal.